NATIONAL VULNERABILITY DATABASE
CVE-2016-5736
Summary: The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP DNS 12.x before 12.0.0 HF2; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 before HF16; BIG-IP GTM 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1; and BIG-IP PSM 11.4.0 through 11.4.1 improperly enables the anonymous IPsec IKE peer configuration object, which allows remote attackers to establish an IKE Phase 1 negotiation and possibly conduct brute-force attacks against Phase 2 negotiations via unspecified vectors.
Published: 8/19/2016 5:59:12 PM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.0 MEDIUM
CVE-2016-5390
Summary: Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to API routes beneath "hosts," as demonstrated by a GET request to api/v2/hosts/secrethost/interfaces.
Published: 8/19/2016 5:59:11 PM
CVSS Severity: v3 - 5.3 MEDIUM v2 - 2.1 LOW
CVE-2016-4995
Summary: Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.
Published: 8/19/2016 5:59:10 PM
CVSS Severity: v3 - 5.3 MEDIUM v2 - 3.5 LOW
CVE-2016-4475
Summary: The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors.
Published: 8/19/2016 5:59:09 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 6.5 MEDIUM
CVE-2016-4451
Summary: The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization.
Published: 8/19/2016 5:59:08 PM
CVSS Severity: v3 - 5.0 MEDIUM v2 - 6.0 MEDIUM
CVE-2016-3195
Summary: Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 8/19/2016 5:59:07 PM
CVSS Severity: v3 - 6.1 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-3194
Summary: Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 8/19/2016 5:59:06 PM
CVSS Severity: v3 - 6.1 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-3193
Summary: Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Published: 8/19/2016 5:59:05 PM
CVSS Severity: v3 - 5.4 MEDIUM v2 - 3.5 LOW
CVE-2016-3089
Summary: Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter.
Published: 8/19/2016 5:59:04 PM
CVSS Severity: v3 - 6.1 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-0760
Summary: Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.
Published: 8/19/2016 5:59:03 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 6.5 MEDIUM
CVE-2015-8949
Summary: Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.
Published: 8/19/2016 5:59:02 PM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 10.0 HIGH
CVE-2015-8022
Summary: The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AFM and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF16 and 11.3.0; and BIG-IP PSM 11.x before 11.2.1 HF16, 11.3.x, and 11.4.x before 11.4.1 HF10 allows remote authenticated users with certain permissions to gain privileges by leveraging an Access Policy Manager customization configuration section that allows file uploads.
Published: 8/19/2016 5:59:01 PM
CVSS Severity: v3 - 7.5 HIGH v2 - 8.5 HIGH
CVE-2014-9906
Summary: Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.
Published: 8/19/2016 5:59:00 PM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 10.0 HIGH
CVE-2016-4654
Summary: IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 8/18/2016 3:59:03 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 9.3 HIGH
CVE-2016-1458
Summary: The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483.
Published: 8/18/2016 3:59:02 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 9.0 HIGH
CVE-2016-1457
Summary: The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513.
Published: 8/18/2016 3:59:01 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 9.0 HIGH
CVE-2016-1365
Summary: The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507.
Published: 8/18/2016 3:59:00 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 8.5 HIGH
CVE-2016-6367
Summary: Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA.
Published: 8/18/2016 2:59:01 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 6.8 MEDIUM
CVE-2016-6366
Summary: Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.
Published: 8/18/2016 2:59:00 PM
CVSS Severity: v3 - 8.8 HIGH v2 - 8.5 HIGH
CVE-2016-5847
Summary: SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security Note 2327384.
Published: 8/12/2016 9:59:08 PM
CVE-2016-5845
Summary: SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905.
Published: 8/12/2016 9:59:07 PM
CVE-2016-5384
Summary: fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
Published: 8/12/2016 9:59:05 PM
CVE-2016-6214
Summary: gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
Published: 8/12/2016 11:59:04 AM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.0 MEDIUM
CVE-2016-6207
Summary: Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.
Published: 8/12/2016 11:59:03 AM
CVE-2016-6161
Summary: The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
Published: 8/12/2016 11:59:02 AM
CVE-2016-6132
Summary: The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
Published: 8/12/2016 11:59:00 AM
CVSS Severity: v3 - 6.5 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-6597
Summary: Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability.
Published: 8/10/2016 10:59:07 AM
CVSS Severity: v3 - 8.6 HIGH v2 - 5.0 MEDIUM
CVE-2016-5421
Summary: Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.
Published: 8/10/2016 10:59:06 AM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 7.5 HIGH
CVE-2016-5420
Summary: curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.
Published: 8/10/2016 10:59:05 AM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.0 MEDIUM
CVE-2016-5419
Summary: curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
Published: 8/10/2016 10:59:03 AM
CVSS Severity: v3 - 7.5 HIGH v2 - 5.0 MEDIUM
CVE-2016-5408
Summary: Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-4051.
Published: 8/10/2016 10:59:02 AM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 7.5 HIGH
CVE-2013-7458
Summary: linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.
Published: 8/10/2016 10:59:00 AM
CVSS Severity: v3 - 3.3 LOW v2 - 2.1 LOW
CVE-2016-3329
Summary: Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka "Internet Explorer Information Disclosure Vulnerability."
Published: 8/9/2016 5:59:33 PM
CVSS Severity: v3 - 5.3 MEDIUM v2 - 2.6 LOW
CVE-2016-3327
Summary: Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3326.
Published: 8/9/2016 5:59:32 PM
CVSS Severity: v3 - 5.3 MEDIUM v2 - 2.6 LOW
CVE-2016-3326
Summary: Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3327.
Published: 8/9/2016 5:59:30 PM
CVSS Severity: v3 - 5.3 MEDIUM v2 - 2.6 LOW
CVE-2016-3322
Summary: Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3289.
Published: 8/9/2016 5:59:29 PM
CVSS Severity: v3 - 7.5 HIGH v2 - 7.6 HIGH
CVE-2016-3321
Summary: Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka "Internet Explorer Information Disclosure Vulnerability."
Published: 8/9/2016 5:59:28 PM
CVSS Severity: v3 - 2.5 LOW v2 - 1.9 LOW
CVE-2016-3320
Summary: Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka "Secure Boot Security Feature Bypass."
Published: 8/9/2016 5:59:27 PM
CVE-2016-3319
Summary: The PDF library in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability."
Published: 8/9/2016 5:59:26 PM
CVE-2016-3318
Summary: Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted file, aka "Graphics Component Memory Corruption Vulnerability."
Published: 8/9/2016 5:59:25 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 9.3 HIGH
CVE-2016-3317
Summary: Microsoft Office 2010 SP2, Word 2007 SP3, Word 2010 SP2, Word for Mac 2011, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."
Published: 8/9/2016 5:59:24 PM
CVE-2016-3316
Summary: Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."
Published: 8/9/2016 5:59:23 PM
CVSS Severity: v3 - 7.8 HIGH v2 - 9.3 HIGH
CVE-2016-3315
Summary: Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka "Microsoft OneNote Information Disclosure Vulnerability."
Published: 8/9/2016 5:59:21 PM
CVSS Severity: v3 - 5.5 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-3313
Summary: Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."
Published: 8/9/2016 5:59:20 PM
CVE-2016-3312
Summary: ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka "Universal Outlook Information Disclosure Vulnerability."
Published: 8/9/2016 5:59:19 PM
CVSS Severity: v3 - 9.1 CRITICAL v2 - 5.0 MEDIUM
CVE-2016-3311
Summary: The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3308, CVE-2016-3309, and CVE-2016-3310.
Published: 8/9/2016 5:59:18 PM